Risk Management - Revision history

User at 15:57, 15 March 2024

2024-03-15T15:57:32Z

User at 00:36, 20 January 2023

2023-01-20T00:36:42Z

User at 18:47, 21 December 2022

2022-12-21T18:47:06Z

User at 18:39, 21 December 2022

2022-12-21T18:39:39Z

User at 17:26, 18 December 2022

2022-12-18T17:26:45Z

Show changes

User at 15:13, 7 December 2022

2022-12-07T15:13:29Z

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T18:06:03Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

Show changes

User at 18:56, 28 May 2020

2020-05-28T18:56:22Z

Show changes

User: /* See Also */

2019-02-05T12:17:05Z

User at 12:05, 4 February 2019

2019-02-04T12:05:47Z

Show changes

← Older revision		Revision as of 15:57, 15 March 2024
Line 249:		Line 249:

	== See Also ==		== See Also ==
		+	*[[IT Strategy (Information Technology Strategy)]]
		+	*[[IT Governance]]
		+	*[[Enterprise Architecture]]
		+	*[[Chief Information Officer (CIO)]]
		+	*[[IT Sourcing (Information Technology Sourcing)]]
		+	*[[IT Operations (Information Technology Operations)]]
		+	*[[E-Strategy]]
		+
		+
		+
		+
		+
		+
		+

@@ Line 9: / Line 9: @@
 == Why is Risk Management Important? ==
-Risk management’s objective is to assure uncertainty does not deflect the endeavor from the business goals. Risks can come from various sources including uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause. There are two types of events i.e. negative events can be classified as risks while positive events are classified as opportunities. Several risk management standards have been developed including the [[Project Management]] Institute, the National Institute of Standards and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety. Strategies to manage threats (uncertainties with negative consequences) typically include avoiding the threat, reducing the negative effect or probability of the threat, transferring all or part of the threat to another party, and even retaining some or all of the potential or actual consequences of a particular threat, and the opposites for opportunities (uncertain future states with benefits). Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk; whereas the confidence in estimates and decisions seem to increase. For example, one study found that one in six IT projects were "black swans" with gigantic overruns (cost overruns averaged 200%, and schedule overruns 70%).<ref>[https://en.wikipedia.org/wiki/Risk_management Understanding Risk Management -Wikipedia]</ref>
+Risk management’s objective is to assure uncertainty does not deflect the endeavor from the business goals. Risks can come from various sources including uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause. There are two types of events i.e. negative events can be classified as risks while positive events are classified as opportunities. Several risk management standards have been developed including the Project Management Institute, the National Institute of Standards and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety. Strategies to manage threats (uncertainties with negative consequences) typically include avoiding the threat, reducing the negative effect or probability of the threat, transferring all or part of the threat to another party, and even retaining some or all of the potential or actual consequences of a particular threat, and the opposites for opportunities (uncertain future states with benefits). Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk; whereas the confidence in estimates and decisions seem to increase. For example, one study found that one in six IT projects were "black swans" with gigantic overruns (cost overruns averaged 200%, and schedule overruns 70%).<ref>[https://en.wikipedia.org/wiki/Risk_management Understanding Risk Management -Wikipedia]</ref>
@@ Line 214: / Line 214: @@
 == Risk Management Best Practices ==
 '''Risk Management Best Practices'''<ref>[https://iaonline.theiia.org/blogs/marks/2017/Pages/Very-useful-guidance-on-risk-management-best-practices.aspx Risk Management Best Practices -Norman Marks]</ref><br />
-*The taking of risk is a natural part of running any enterprise, but it is often not explicitly stated in the formulation of business decisions. The expression "risk" has often been exclusively associated with unwanted events, and risk management has been defined as analyzing and restricting the probability and impact of unwanted events. This is only one dimension of the total picture. Evaluating positive outcomes is just as important an element of [[Enterprise_Risk_Management_(ERM)|ERM]] as evaluating the downside as ERM is concerned with the whole picture enterprise wide and evaluating risk strategy in relation to a portfolio of risks. <ref>[https://cioindex.com/reference/a-guide-to-enterprise-risk-management/ A Guide to Enterprise Risk Management - CIO Index]</ref>
+*The taking of risk is a natural part of running any enterprise, but it is often not explicitly stated in the formulation of business decisions. The expression "risk" has often been exclusively associated with unwanted events, and risk management has been defined as analyzing and restricting the probability and impact of unwanted events. This is only one dimension of the total picture. Evaluating positive outcomes is just as important an element of ERM as evaluating the downside as ERM is concerned with the whole picture enterprise wide and evaluating risk strategy in relation to a portfolio of risks. <ref>[https://cioindex.com/reference/a-guide-to-enterprise-risk-management/ A Guide to Enterprise Risk Management - CIO Index]</ref>
 *The objective of ERM is to maintain risk at an acceptable level and ensure the best balance possible between threats and opportunities — in line with the risk appetite and business strategy of the board and executive management.<ref>[https://cioindex.com/reference/managing-enterprise-risk/ Managing enterprise risk-CIO Index]</ref> It is concerned with ensuring the achievement of goals as the enterprise develops and appropriate management of the organization's assets, including avoidance of losses as a result of unwanted events.
 *A prerequisite for being able to exercise sound risk management is therefore that there are clearly defined goals at the strategic level, to which goals at other levels in the organization may be linked. In this way risk evaluations at all levels will be linked to a hierarchy of objectives which supports the enterprise's overall strategy.
@@ Line 249: / Line 249: @@
 == See Also ==
-*[[IT Governance|Corporate Governance of Information Technology (IT Governance)]]

@@ Line 255: / Line 255: @@
 *[[Disaster_Recovery_Planning|Disaster Recovery Planning]]
 *[[Crisis_Management|Crisis Management]]
-*[[IT Strategy (Information Technology Strategy)|IT Strategic Planning|Strategic Planning for IT]]
+*[[IT Strategy (Information Technology Strategy)]]
 *[[Risk Analysis|Analysis of Risk]]
 *[[Risk Assessment|Assessment of Risk]]

@@ Line 214: / Line 214: @@
 == Risk Management Best Practices ==
 '''Risk Management Best Practices'''<ref>[https://iaonline.theiia.org/blogs/marks/2017/Pages/Very-useful-guidance-on-risk-management-best-practices.aspx Risk Management Best Practices -Norman Marks]</ref><br />
-*The taking of risk is a natural part of running any enterprise, but it is often not explicitly stated in the formulation of business decisions. The expression "risk" has often been exclusively associated with unwanted events, and risk management has been defined as analyzing and restricting the probability and impact of unwanted events. This is only one dimension of the total picture. Evaluating positive outcomes is just as important an element of [[Enterprise_Risk_Management_(ERM)|ERM]] as evaluating the downside as [https://cioindex.com/reference/a-guide-to-enterprise-risk-management/ ERM] is concerned with the whole picture enterprise wide and evaluating risk strategy in relation to a portfolio of risks.
+*The taking of risk is a natural part of running any enterprise, but it is often not explicitly stated in the formulation of business decisions. The expression "risk" has often been exclusively associated with unwanted events, and risk management has been defined as analyzing and restricting the probability and impact of unwanted events. This is only one dimension of the total picture. Evaluating positive outcomes is just as important an element of [[Enterprise_Risk_Management_(ERM)|ERM]] as evaluating the downside as ERM is concerned with the whole picture enterprise wide and evaluating risk strategy in relation to a portfolio of risks. <ref>[https://cioindex.com/reference/a-guide-to-enterprise-risk-management/ A Guide to Enterprise Risk Management - CIO Index]</ref>
-*The objective of [https://cioindex.com/reference/managing-enterprise-risk/ ERM] is to maintain risk at an acceptable level and ensure the best balance possible between threats and opportunities — in line with the risk appetite and business strategy of the board and executive management. It is concerned with ensuring the achievement of goals as the enterprise develops and appropriate management of the organization's assets, including avoidance of losses as a result of unwanted events.
+*The objective of ERM is to maintain risk at an acceptable level and ensure the best balance possible between threats and opportunities — in line with the risk appetite and business strategy of the board and executive management.<ref>[https://cioindex.com/reference/managing-enterprise-risk/ Managing enterprise risk-CIO Index]</ref> It is concerned with ensuring the achievement of goals as the enterprise develops and appropriate management of the organization's assets, including avoidance of losses as a result of unwanted events.
 *A prerequisite for being able to exercise sound risk management is therefore that there are clearly defined goals at the strategic level, to which goals at other levels in the organization may be linked. In this way risk evaluations at all levels will be linked to a hierarchy of objectives which supports the enterprise's overall strategy.
 *In practice this means ensuring the best possible basis for arriving at decisions at the various levels of the organization, so that the decisions made will support the overall objectives. Subsequently it is important to have a sound mechanism to ensure the achievement and monitoring of the decided activities.

← Older revision		Revision as of 15:13, 7 December 2022
Line 2:		Line 2:
	'''[[Risk]] [[management]]''' is the continuing [[process]] to identify, analyze, evaluate, and treat loss exposures and monitor risk [[control]] and financial resources to mitigate the adverse effects of loss.<ref>Definition - What is Risk Management? [http://www.marquette.edu/riskunit/riskmanagement/whatis.shtml marquette.edu]</ref>		'''[[Risk]] [[management]]''' is the continuing [[process]] to identify, analyze, evaluate, and treat loss exposures and monitor risk [[control]] and financial resources to mitigate the adverse effects of loss.<ref>Definition - What is Risk Management? [http://www.marquette.edu/riskunit/riskmanagement/whatis.shtml marquette.edu]</ref>

−	As the outcomes of [[business]] activities are uncertain, they are said to have some element of risk. These risks include strategic failures, operational failures, financial failures, [[market]] disruptions, environmental disasters, and regulatory violations. Risk is a statistical concept that is measured using statistical concepts that are related to the unknown future. Almost all investments are exposed to it. Risk management involves identifying the types of risk exposure within the company, measuring those potential risks, proposing means to [[hedge]], insure or mitigate some of the risks and estimating the [[impact]] of various risks on the future earnings of the company. While it is impossible that companies remove all risk from the organisation, it is important that they properly understand and manage the risks that they are willing to accept in the context of the overall corporate [[strategy]]. The management of the company is primarily responsible for risk management, but the board of directors, internal auditor, external auditor, and general counsel also play critical roles. Risk can be managed in a number of ways: by the buying of insurance, by using derivative instruments as hedges, by sharing risks with others, or by avoiding risky positions altogether.<ref>Explaining Risk Management [http://lexicon.ft.com/Term?term=risk-management FT Lexicon]</ref>	+	As the outcomes of [[business]] activities are uncertain, they are said to have some element of risk. These risks include strategic failures, operational failures, financial failures, [[market]] disruptions, environmental disasters, and regulatory violations. Risk is a statistical concept that is measured using statistical concepts that are related to the unknown future. Almost all investments are exposed to it. Risk management involves identifying the types of risk exposure within the company, measuring those potential risks, proposing means to hedge, insure or mitigate some of the risks and estimating the [[impact]] of various risks on the future earnings of the company. While it is impossible that companies remove all risk from the organisation, it is important that they properly understand and manage the risks that they are willing to accept in the context of the overall corporate [[strategy]]. The management of the company is primarily responsible for risk management, but the board of directors, internal auditor, external auditor, and general counsel also play critical roles. Risk can be managed in a number of ways: by the buying of insurance, by using derivative instruments as hedges, by sharing risks with others, or by avoiding risky positions altogether.<ref>Explaining Risk Management [http://lexicon.ft.com/Term?term=risk-management FT Lexicon]</ref>

@@ Line 274: / Line 274: @@
 [[Disaster_Recovery_Planning|Disaster Recovery Planning]]<br />
 [[Enterprise_Risk_Management_(ERM)|Enterprise Risk Management (ERM)]]<br />
-[[Crisis_Management|Crisis Management]]
+[[Crisis_Management|Crisis Management]]<br />
-[[IT Strategy (Information Technology Strategy)|IT Strategic Planning|Strategic Planning for IT]]
+[[IT Strategy (Information Technology Strategy)|IT Strategic Planning|Strategic Planning for IT]]<br />
-[[Risk Analysis|Analysis of Risk]]
+[[Risk Analysis|Analysis of Risk]]<br />
-[[Risk Assessment|Assessment of Risk]]
+[[Risk Assessment|Assessment of Risk]]<br />
-[[Risk Assessment Framework (RAF)|Framework for Risk Assessment]]
+[[Risk Assessment Framework (RAF)|Framework for Risk Assessment]]<br />
-[[Risk Based Testing|Risk Based Testing]]
+[[Risk Based Testing|Risk Based Testing]]<br />
-[[Risk IT Framework|Risk IT Framework]]
+[[Risk IT Framework|Risk IT Framework]]<br />
-[[Risk Management Framework (RMF)|Risk Management Framework (RMF)]]
+[[Risk Management Framework (RMF)|Risk Management Framework (RMF)]]<br />
-[[Risk Matrix|Risk Matrix]]
+[[Risk Matrix|Risk Matrix]]<br />
-[[Risk Maturity|Risk Maturity]]
+[[Risk Maturity|Risk Maturity]]<br />
-[[Risk Maturity Model (RMM)|Risk Maturity Model (RMM)]]
+[[Risk Maturity Model (RMM)|Risk Maturity Model (RMM)]]<br />
 [[Compliance]]